Resources

In addition to Michaels correct answer:
It is also possible to define the AllowedCorsOrigins pipe-separated.
I also stuck on this and found the description in the IdentityServer WDP zip (parameters.xml):

I see value in using the pipe delimiter in order to make these entries match those from sxa tenants.
– Michael WestDec 17 '18 at 13:06

1

Do you have an example of how to apply this as a patch? Something that can be dropped into a folder?
– Michael WestDec 17 '18 at 13:15

unfortunately not :( it is set by the XP0-Single-Developer.ps1 --> $AllowedCorsOrigins = "http://$SitecoreSiteName"... maybe you can adjust the script to have more $SitecoreSiteNames
– monkey.dscDec 18 '18 at 12:12